• 4.9/5.0
  • 721 Questions
  • Updated on: 25-May-2026
  • Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)
  • 27215 Prepared

Free Cisco 350-701 Practice Questions 2026 | Implementing and Operating Cisco Security Core Technologies (SCOR 350-701)


Topic 2: Exam Pool B

An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?

A. Client computers do not have the Cisco Umbrella Root CA certificate installed

B. IP-Layer Enforcement is not configured

C. Client computers do not have an SSL certificate deployed from an internal CA server

D. Intelligent proxy and SSL decryption is disabled in the policy

A.   Client computers do not have the Cisco Umbrella Root CA certificate installed

Explanation for Each Option:

A. Client computers do not have the Cisco Umbrella Root CA certificate installed (Correct):
Cisco Umbrella uses SSL decryption to inspect and block malicious or restricted URLs. If the client computers lack the Umbrella Root CA certificate, the SSL handshake fails, resulting in accessibility errors for blocked sites while allowing unblocked sites to function. Installing the certificate resolves this, making this the likely cause. (Reference: Cisco Umbrella SSL Decryption Guide, Certificate Installation.)

B. IP-Layer Enforcement is not configured (Incorrect):
IP-Layer Enforcement in Cisco Umbrella blocks traffic at the network level using routing policies, but it is not required for URL blocking via the proxy. The error suggests an SSL-related issue, not a missing IP enforcement configuration, rendering this option incorrect. (Reference: Cisco Umbrella IP-Layer Enforcement Documentation.)

C. Intelligent proxy and SSL decryption is disabled in the policy (Incorrect):
If intelligent proxy and SSL decryption are disabled, Umbrella cannot inspect HTTPS traffic, potentially allowing all sites to bypass filtering rather than causing errors for some sites. The selective accessibility issue points to a certificate problem, not a disabled policy, making this option incorrect. (Reference: Cisco Umbrella Policy Configuration Guide.)

D. Client computers do not have an SSL certificate deployed from an internal CA server (Incorrect):
An internal CA certificate is not required for Cisco Umbrella to function. Umbrella relies on its own Root CA certificate for SSL decryption, not an internal CA, so this is not the cause of the error, rendering this option incorrect. (Reference: Cisco Umbrella SSL Inspection Requirements.)

Additional Notes:
Implementing URL blocking with Cisco Umbrella is a key topic in the 350-701 SCOR exam under content security. As of 1:00 PM PKT, October 03, 2025, certificate installation is critical for SSL decryption.

Elliptic curve cryptography is a stronger, more efficient cryptography method meant to replace which current encryption technology?

A. 3DES

B. RSA

C. DES

D. AES

B.   RSA



Compared to RSA, the prevalent public-key cryptography of the Internet today, Elliptic Curve Cryptography (ECC) offers smaller key sizes, faster computation, as well as memory, energy and bandwidth savings, and is thus better suited for small devices.

An attacker needs to perform reconnaissance on a target system to help gain access to it. The system has weak passwords, no encryption on the VPN links, and software bugs on the system’s applications. Which vulnerability allows the attacker to see the passwords being transmitted in clear text?

A. weak passwords for authentication

B. unencrypted links for traffic

C. software bugs on applications

D. improper file security

B.   unencrypted links for traffic

Explanation
The question describes a scenario where an attacker can see the passwords being transmitted. This is a classic case of eavesdropping on network traffic.

Unencrypted Links:
When data, including passwords, is sent over a network without encryption (like a VPN using no encryption or plain text protocols like HTTP or Telnet), it is transmitted as readable "clear text." An attacker who can position themselves on the same network path (e.g., through a man-in-the-middle attack or by sniffing network traffic) can directly intercept and read this data as it travels. This vulnerability directly allows the attacker to see the passwords in transit.

The other vulnerabilities listed are real, but they do not directly enable the attacker to see the password during transmission.

Detailed Breakdown of Incorrect Options

A. weak passwords for authentication

Why it is incorrect:
Weak passwords make it easier for an attacker to guess the password through a brute-force or dictionary attack. However, the question specifically asks which vulnerability allows the attacker to "see the passwords being transmitted." A weak password does not, by itself, make the password visible on the network; it just makes it easier to crack once obtained. The means of obtaining the password in a readable form is the lack of encryption (Option B).

C. software bugs on applications

Why it is incorrect:
Software bugs can lead to vulnerabilities like buffer overflows or SQL injection, which an attacker can exploit to execute code or bypass authentication. However, these typically do not result in the password being displayed in clear text on the network. They might allow an attacker to dump a password database from a server, but that is different from intercepting it during transmission between the client and server.

D. improper file security

Why it is incorrect:
Improper file security refers to misconfigured permissions on files stored on a system (e.g., a world-readable password file on a server). This could allow an attacker who has already gained some access to read stored passwords. However, this is about passwords at rest, not passwords in transit. The scenario described in the question is about seeing the password as it is being sent over the network.

Key Takeaway:
To protect the confidentiality of data, including passwords, while it is in transit over a network, encryption is mandatory. Protocols like IPsec VPNs, HTTPS, and SSH encrypt the communication channel to prevent exactly this kind of eavesdropping attack. The vulnerability that allows the attacker to see the data is the absence of this encryption.

Which PKI enrollment method allows the user to separate authentication and enrollment actions and also provides an option to specify HTTP/TFTP commands to perform file retrieval from the server?

A. url

B. terminal

C. profile

D. selfsigned

C.   profile



https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/211333-IOSPKI-Deployment-Guide-Initial-Design.html

Which two are valid suppression types on a Cisco Next Generation Intrusion Prevention System? (Choose two)

A. Port

B. Rule

C. Source

D. Protocol

E. Application

B.   Rule

C.   Source



Which deployment model is the most secure when considering risks to cloud adoption?

A. Public Cloud

B. Hybrid Cloud

C. Community Cloud

D. Private Cloud

D.   Private Cloud



Which solution combines Cisco IOS and IOS XE components to enable administrators to recognize applications, collect and send network metrics to Cisco Prime and other third-party management tools, and prioritize application traffic?

A. Cisco Security Intelligence

B. Cisco Application Visibility and Control

C. Cisco Model Driven Telemetry

D. Cisco DNA Center

D.   Cisco DNA Center

Explanation
The question describes a solution that performs three key functions on Cisco IOS and IOS XE devices:

Recognize applications (Application Recognition)

Collect and send network metrics to management tools (Visibility)

Prioritize application traffic (Control)

This is the exact definition of Cisco Application Visibility and Control (AVC). AVC is a suite of features that combines several technologies:

NBAR2 (Next-Generation Network-Based Application Recognition):
For deep packet inspection to identify thousands of applications.

NetFlow/IPFIX:
For collecting and exporting detailed flow records about the identified applications.

Performance Monitoring (PerfMon):
For collecting performance metrics like latency, jitter, and packet loss.

Quality of Service (QoS):
For marking, policing, shaping, and queuing traffic to prioritize critical applications.

AVC integrates these components to provide a comprehensive solution for monitoring and managing application performance on the network.

Why the other options are incorrect:

A. Cisco Catalyst Center:
This is Cisco's network management and automation platform (formerly DNA Center). While Catalyst Center consumes and visualizes the data provided by AVC, it is not the underlying technology on the router/switch that performs the recognition, collection, and prioritization. AVC is the feature set on the network device itself.

B. Cisco Security Intelligence:
This is a broad term, often associated with threat intelligence feeds from Cisco Talos. It is related to security analysis, not application performance monitoring and control.

C. Cisco Model Driven Telemetry (MDT):
This is a modern, high-performance method for streaming data from network devices. While AVC can use MDT as a transport mechanism to send data to collectors, MDT itself is just the transport protocol. It does not include the application recognition (NBAR2) or traffic control (QoS) components. AVC is the overarching solution that defines what data is collected and how it's used.

Reference:
The definition and components of AVC are documented in Cisco's solution guides.

As per the Cisco Application Visibility and Control Configuration Guide, AVC is described as a solution that "integrates multiple Cisco IOS and Cisco IOS XE technologies... to provide application-level visibility and control" and "enables you to monitor, manage, and optimize your network performance."

Which statement about IOS zone-based firewalls is true?

A. An unassigned interface can communicate with assigned interfaces.

B. Only one interface can be assigned to a zone.

C. An interface can be assigned to multiple zones.

D. An interface can be assigned only to one zone.

D.   An interface can be assigned only to one zone.



On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?

A. health policy

B. system policy

C. correlation policy

D. access control policy

E. health awareness policy

A.   health policy

Explanation for Each Option:

A. health policy (Correct):
On Cisco Firepower Management Center (FMC), the health policy is used to monitor and collect health module alerts from managed devices (e.g., Firepower Threat Defense devices). It defines thresholds and notifications for system health metrics like CPU usage, disk space, and interface status, making it the appropriate policy for this purpose. (Reference: Cisco FMC Health Policy Configuration Guide.)

B. system policy (Incorrect):
System policies in FMC configure device-level settings (e.g., NAT, QoS), but they do not specifically collect or manage health module alerts. Health monitoring is a distinct function handled by the health policy, rendering this option incorrect. (Reference: Cisco FMC System Policy Overview.)

C. correlation policy (Incorrect):
Correlation policies in FMC define rules to correlate events and generate alerts based on security incidents, not to collect health module alerts from devices. They focus on threat detection, not system health, making this option unsuitable. (Reference: Cisco FMC Correlation Policy Guide.)

D. access control policy (Incorrect):
Access control policies in FMC determine how traffic is allowed, blocked, or inspected based on rules. They are unrelated to collecting health module alerts, which are system health-related, not traffic-related, rendering this option incorrect. (Reference: Cisco FMC Access Control Policy Guide.)

E. health awareness policy (Incorrect):
"Health awareness policy" is not a recognized term in Cisco FMC documentation. The correct term is "health policy," which handles health monitoring and alerts, making this option invalid. (Reference: Cisco FMC Health Monitoring Documentation.)

Additional Notes:
Configuring health policies in FMC is a key topic in the 350-701 SCOR exam under network security. As of 12:25 PM PKT, October 03, 2025, it ensures device health visibility.

Which action controls the amount of URI text that is stored in Cisco WSA log files?

A. Configure the datasecurityconfig command

B. Configure the advancedproxyconfig command with the HTTPS subcommand

C. Configure a small log-entry size.

D. Configure a maximum packet size.

B.   Configure the advancedproxyconfig command with the HTTPS subcommand


